Cisco IOS XE Zero-Touch Provisioning

The Zero Zero-Touch Provisioning (ZTP) solution fits within the Day 0—Device Onboarding part of the Cisco IOS XE device lifecycle. Its function is to onboard network devices to the network. There are components from Day N—Device Optimization, specifically the Python application programming interface (API) and the Guest Shell Linux container that are leveraged as part of the ZTP feature. There are other labs that focus more on Guest Shell and the Python API as well as on the Day 1 and Day 2 features that are not covered as part of this lab.

“Life Cycle Overview”

What You’ll Learn

How to set up the DHCP Server for ZTP
How to set up the Python Script for ZTP
View ZTP Process in Action

What You’ll Need

Reserve the dCloud Automation Lab.

ZTP is part of the Day 0 device programmability ecosystem, which enables network operators to provision network devices more programmatically. Using a combination of DHCP, Python, and the Linux Guest Shell container, the ZTP feature is used to fully configure the device automatically during its initial boot.

ZTP Overview

Zero Touch Provisioning occurs in the following sequence:

When an IOS XE device boots and no configuration is present, the device will issue a DHCP request on the management port and on the front panel port.
If the DHCP response contains option 67, then ZTP is initiated and the device will retrieve and execute the python script from within the Guest Shell
Then the Guest Shell is started and networking is automatically configured

“ZTP Overview”

There are three Python modules available between the Guest Shell and the IOS-XE device:

cli.cli / cli.clip
cli.execute / cli.executep
cli.configure / cli.executep

When a device that supports ZTP boots up and does not find the startup configuration (during initial installation), the device enters ZTP mode.

The device searches for an IP from a DHCP server and bootstraps itself by enabling the Guest Shell Linux container. The device then obtains the IP address or URL of the HTTP or TFTP server and downloads a Python script from the server to configure the device.

To follow along with this lab, you will need to use the dCloud Catalyst 9000 Automation Lab. It will have all the necessary components to complete this lab. You can also view a demo recording available on YouTube (no sound).

Learning ZTP can be difficult because you need both a network device ready to be provisioned and a DHCP server to provide the Python file. The DevNet Sandbox provides both of these components for you to use.

The overall process is going to be:

Set up the DHCP server.
Set up the web server.
Set up the Python file for ZTP.
Power on the IOS XE device.
Watch the ZTP process.

Prerequisites

DHCP server with option 67 specifying the Python file
Web server or TFTP server to provide the Python file
Python file for ZTP

DHCP Server

A DHCP server is required for ZTP in order for the device to learn about where to find the Python configuration file. In the lab, the DHCP server is using the open source ISC DHCPD, and the configuration file is at /etc/dhcp/dhcpd.conf in the Linux developer box. The option bootfile-name is also known as option 67, and it specifies that the configuration file is ztp.py.

In order to have the DHCP server function in this demo, you need to first enable the DHCP server, configure option 67, and then restart the DHCP server.

⚠️ Check the status of the DHCP configuration file, process, and log file with the following commands for the ISC DHCP server. An example DHCP configuration is also provided here.

To check the DHCP configuration file, you can use the following command:

cat /etc/dhcp/dhcpd.conf | grep bootfile-name

You will see the following output:

# Example for DHCP Option 67 bootfile-name with HTTP:
option bootfile-name "http://192.168.69.1/ztp.py";

You can view the DHCP process with the following command:

ps xa |grep dhcpd

You can view the log files with the following Linux command:

tail -F /var/log/dhcpd.log &

In the above example, the Python file for ZTP is called ztp.py and is hosted at the web server root directory, which is set within the Apache web server configuration.

Web Server

ZTP accesses the Python configuration file from HTTP or TFTP. In this example, HTTP is used.

⚠️ Check that the Apache HTTPD server is running with the following commands. This will follow the log file from the web server so that you will see when the file is accessed.

ps xa | grep httpd

tail -F /var/log/httpd/access_log &

Python File for ZTP

The ztp.py file is located in the web server root directory at /var/www/html/ and is downloaded by the IOS XE device during the ZTP workflow.

⚠️ Check that the ztp.py file is saved in the web server root directory and has the necessary configuration for the IOS XE device with the following command:

cat /var/www/html/ztp.py

The output should look something like this:

print "\n\n *** Sample ZTP Day0 Python Script *** \n\n"
# Importing cli module
import cli

print "Configure vlan interface, gateway, aaa, and enable netconf-yang\n\n"
cli.configurep(["int vlan 1", "ip address 10.5.123.27 255.255.255.0", "no shut", "end"])
...

Power On the IOS XE device

Now that the DHCP and web server are set up, you can power on the IOS XE device. The device will boot up and enter the ZTP workflow. You can watch the ZTP process by viewing the DHCP and web server logs.

Learn More

ZTP is a part of the ENAUTO certification track. Check out the ENAUO Certification here.
Reserve the dCloud Automation Lab.
Review the ZTP Learning Lab.
Watch the ZTP demo recording on YouTube (no sound).
Blog outlining ZTP by Jeremy Cohoe